Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded 2026/05/09 3:48 a.m.7 views

EUVD-2026-28893

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

8.5CVSS5.7AI score0.00042EPSS
Exploits1References2
Snyk
Snykadded 2026/05/05 3:33 p.m.5 views

Malicious Package

Overview google-storage-cloud is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSVadded 2026/04/29 2:0 p.m.2 views

MAL-2026-3260 Malicious code in google-storage-cloud (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSV
OSVadded 2025/08/14 6:52 p.m.1 views

MAL-2025-7941 Malicious code in @frozen-team/deploy-to-gcs (npm)

The package @frozen-team/deploy-to-gcs was found to contain malicious code...

7.2AI score
Exploits0
Hacker One
Hacker Oneadded 2021/11/12 12:2 p.m.24 views

Kubernetes: Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS

Report Submission Form Summary: Kubernetes have a github repository github.com/kubernetes/release In the repository there is code for dashboard. The dashboard have a html file dashboard.html which is using a JS file from a google storage bucket. The bucket was not registered on google cloud. So I...

6.2AI score
Exploits0
Kitploit
Kitploitadded 2019/11/11 1:0 p.m.28 views

GCPBucketBrute - A Script To Enumerate Google Storage Buckets, Determine What Access You Have To Them, And Determine If They Can Be Privilege Escalated

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. This script optionally accepts GCP user/service account credentials and a keyword. Then, a list of permutations will be generated from that keyword which will th...

7.3AI score
Exploits0References2
Hacker One
Hacker Oneadded 2018/08/31 6:58 p.m.20 views

Basecamp: Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)

Basecamp attachments are stored in the bc3productionblobs bucket in the root directory and can be served with text/html content-type...

0.3AI score
Exploits0
Rows per page
Query Builder